package com.cpkso.yzx.interceptor;

import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;

@SuppressWarnings("serial")
public class ValidCheck extends MethodFilterInterceptor {

	@Override
	protected String doIntercept(ActionInvocation invocation) throws Exception {
		// 1. 获取请求地址
//		ActionContext context = invocation.getInvocationContext();
//		String name = context.getName();
		
//		if (name.equals("msg_leave")) {
		// 对所有请求参数进行过滤？
		Map<String, Object> parameters = invocation.getInvocationContext().getParameters();
		
		Set<Entry<String,Object>> entrySet = parameters.entrySet();
		for (Entry<String, Object> entry : entrySet) {
			String key = entry.getKey();
			String[] values = (String[]) entry.getValue();
			
			values = transfer(values);
			parameters.put(key, values);
		}
			
//		}
		return invocation.invoke();
	}
	private String[] transfer(String[] values) {
		for (int i = 0; i < values.length; i++) {
			values[i] = values[i].trim()
			.replaceAll("<", "&lt;")
			.replaceAll(">", "&gt;")
			.replaceAll("&", "&amp;")
			.replaceAll("\"", "&quot;")
			.replaceAll("\'", "&#39;");
		}
		return values;
	}
}
